Blog
In March 2016, a financially motivated threat actor launched several tailored spear phishing campaigns primarily targeting the retail, restaurant, and hospitality industries. The emails contained variations of Microsoft Word documents with embedded macros that, when enabled, downloaded and executed a malicious downloader that we refer to as PUNCHBUGGY.
Blog
Coming off a busy holiday season with a massive surge in deliveries, this post highlights a phishing campaign involving a fake DHL tracking page.
Blog
We’re proud to release a new plug-in for IDA Pro users – SimplifyGraph – to help automate creation of groups of nodes in IDA’s disassembly graph view.
Blog
This post continues the FireEye Labs Advanced Reverse Engineering (FLARE) script series. Here, we introduce flare-qdb, a command-line utility and Python module based on vivisect for querying and altering dynamic binary state conveniently, iteratively, and at scale. flare-qdb works on Windows and Linux, and can be obtained from the flare-qdb GitHub project.
Blog
FireEye observed a phishing campaign targeting at least seven global law and investment firms and has associated this campaign with APT19.
Blog
APT3 (also known as UPS), the actors responsible for Operation Clandestine Fox, has quietly continued to send waves of spearphishing messages over the past few months and has now focused on privilege escalation.
Blog
FLARE VM has gone through many major changes to better support our users’ needs.
Blog
Mandiant has observed a critical Citrix Netscaler ADC zero-day vulnerability being exploited in the wild.
Blog
Recent malware campaigns in Europe are using similar overlay techniques to trick unsuspecting users into providing their banking credentials.
Blog
We became aware of a chain of adversary methodologies that leverage LNKs to achieve persistence.